Cisco ASA Series Configuration Manual page 96

Firewall cli, asa services module, and the adaptive security virtual appliance

Guidelines for Cisco TrustSec
Before You Begin
The referenced server group must be configured to use the RADIUS protocol. If you add a
non-RADIUS server group to the ASA, the configuration fails.
If the ISE is also used for user authentication, obtain the shared secret that was entered on the ISE
when you registered the ASA with the ISE. Contact your ISE administrator to obtain this
information.
To configure the AAA server group to communicate with the ISE on the ASA, perform the following
steps:
Procedure
Step 1
Create the AAA server group and configure the AAA server parameters for the ASA to communicate with the ISE server.
aaa-server server-tag protocol radius
Example:
hostname(config)# aaa-server ISEserver protocol radius
The server-tag argument specifies the server group name.
Step 2
Exit from the aaa server group configuration mode.
exit
Example:
hostname(config-aaa-server-group)# exit
Step 3
Configure a AAA server as part of a AAA server group and set host-specific connection data.
hostname(config)# aaa-server server-tag (interface-name) host server-ip
Example:
hostname(config)# aaa-server ISEserver (inside) host 192.0.2.1
The interface-name argument specifies the network interface where the ISE server resides. The
parentheses are required in this parameter. The server-tag argument is the name of the AAA server
group. The server-ip argument specifies the IP address of the ISE server.
Step 4
Specify the server secret value used to authenticate the ASA with the ISE server.
key key
Example:
hostname(config-aaa-server-host)# key myexclusivekey
The key argument is an alphanumeric keyword up to 127 characters long.
If the ISE is also used for user authentication, enter the shared secret that was entered on the ISE when
you registered the ASA with the ISE.
Step 5
Exit from the aaa server host configuration mode.
exit
Example:
hostname(config-aaa-server-host)# exit
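The following pre-change check for a Step 1-5 command script is an added example, not part of the Cisco guide. The function name lint_ise_aaa and the sample script are constructed for illustration, and the script is assumed to contain bare commands without the hostname(config)# prompt. It applies the constraints stated above: RADIUS protocol, parentheses around interface-name, and an alphanumeric key of at most 127 characters. The key value is never echoed into a finding.

```python
import ipaddress
import re

GROUP = re.compile(r"aaa-server (\S+) protocol (\S+)")
HOST = re.compile(r"aaa-server (\S+) (\S+) host (\S+)")
KEY = re.compile(r"key (\S+)")

# Constructed sample: the page's example values with three deliberate mistakes.
SAMPLE = """\
aaa-server ISEserver protocol tacacs+
exit
aaa-server ISEserver inside host 192.0.2.1
key my-exclusive-key
exit
"""

def lint_ise_aaa(script):
    """Check a Step 1-5 command script; return 'line N: problem' strings."""
    # pending = (line, tag) of a host block still waiting for its key
    findings, groups, pending = [], set(), None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if m := GROUP.fullmatch(line):
            groups.add(m[1])
            if m[2] != "radius":
                findings.append(f"line {n}: group {m[1]} uses {m[2]}, not radius")
        elif m := HOST.fullmatch(line):
            tag, ifc, ip = m.groups()
            pending = (n, tag)
            if tag not in groups:
                findings.append(f"line {n}: server group {tag} not created first")
            if not re.fullmatch(r"\([^\s()]+\)", ifc):
                findings.append(f"line {n}: interface-name needs parentheses")
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                findings.append(f"line {n}: server-ip is not an IP address")
        elif m := KEY.fullmatch(line):
            if not (m[1].isascii() and m[1].isalnum() and len(m[1]) <= 127):
                findings.append(f"line {n}: key must be alphanumeric, max 127 chars")
            pending = None
        elif line == "exit" and pending:
            findings.append(f"line {pending[0]}: host in {pending[1]} has no key")
            pending = None
    if pending:
        findings.append(f"line {pending[0]}: host in {pending[1]} has no key")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_ise_aaa(SAMPLE)))
```

An empty result means the script matches the procedure as written on this page; it does not confirm that the key matches the shared secret registered on the ISE.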
Cisco ASA Series Firewall CLI Configuration Guide
6-14
Chapter 6
ASA and Cisco TrustSec
